PT-2021-15179 · Schneider Electric · Evlink Smart Wallbox+2
Published
2021-07-21
·
Updated
2021-07-28
·
CVE-2021-22721
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EVlink City versions prior to R8 V3.4.0.1
EVlink Parking versions prior to R8 V3.4.0.1
EVlink Smart Wallbox versions prior to R8 V3.4.0.1
Description
A CWE-200: Information Exposure issue exists that could allow an attacker to gain limited knowledge of javascript code when crafted malicious parameters are submitted to the charging station web server.
Recommendations
For EVlink City versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Parking versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Smart Wallbox versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City
Evlink Parking
Evlink Smart Wallbox